CLAIMS

1. A mobile wireless communication system having a 
public network, a private network and a public wireless 
LAN system, comprises: 

a virtual private network relay apparatus which
establishes an IPsec tunnel with a network relay apparatus 
installed on the private network via the public network, 
further establishes the IPsec tunnel with a mobile 
wireless terminal apparatus and relays connection of the
mobile wireless terminal apparatus from the public
wireless LAN system to the private network; 

a connection authentication server that is 
installed on the public wireless LAN system and 
authenticates connection of the mobile wireless terminal
apparatus to the public wireless LAN system; and

a wireless LAN access point that relays connection 
authentication procedures of a public wireless LAN 
performed between the mobile wireless terminal apparatus 
and the connection authentication server. 


2. A mobile wireless terminal apparatus in a mobile 
wireless communication system which has a public network, 
a private network and a public wireless LAN system and 
comprises a virtual private network relay apparatus which
establishes an IPsec tunnel with a network relay apparatus
installed on the private network via the public network, 
further establishes the IPsec tunnel with the mobile
wireless terminal apparatus and relays connection of the
mobile wireless terminal apparatus from the public 
wireless LAN system to the private network, a connection 
authentication server that is installed on the public 
wireless LAN system and authenticates connection of the
mobile wireless terminal apparatus to the public wireless 
LAN system, and a wireless LAN access point that relays 
connection authentication procedures of a public wireless 
LAN performed between the mobile wireless terminal 
apparatus and the connection authentication server,
comprising:

an authentication processing section that performs 
authentication processing of connection to the public 
wireless LAN system to the connection authentication 
server;

an address acquiring section that acquires an IP 
address of the virtual private network relay apparatus 
from the connection authentication server when the 
connection to the public wireless LAN system is permitted; 

an address notifying section that notifies an IP
address of the mobile wireless terminal apparatus to the 
connection authentication server; and 

an IPsec key exchanging section that performs an 
IPsec key exchange with the virtual private network relay
apparatus using the IP address of the virtual private
network relay apparatus.

3. A mobile wireless terminal apparatus in a mobile
wireless communication system which has a public network, 
a private network and a public wireless LAN system and 
comprises a virtual private network relay apparatus which 
establishes an IPsec tunnel with a network relay apparatus
installed on the private network via the public network, 
further establishes the IPsec tunnel with the mobile 
wireless terminal apparatus and relays connection of the 
mobile wireless terminal apparatus from the public
wireless LAN system to the private network, a connection
authentication server that is installed on the public 
wireless LAN system and that authenticates connection 
of the mobile wireless terminal apparatus to the public 
wireless LAN system, and a wireless LAN access point that
relays connection authentication procedures of a public
wireless LAN performed between the mobile wireless 
terminal apparatus and the connection authentication 
server, comprising: 

an authentication processing section that performs
authentication processing of connection to the public
wireless LAN system to the connection authentication
server;

an IPsec shared key acquiring section that acquires 
an IPsec pre-shared secret key for use in the IPsec key 
exchange performed with the virtual private network relay
apparatus from the connection authentication server when 
the connection to the public wireless LAN system is
permitted; and

an IPsec key exchanging section that performs the 
IPsec key exchange with the virtual private network relay 
apparatus using the IPsec pre-shared secret key. 


4. A mobile wireless terminal apparatus in a mobile
wireless communication system which has a public network, 
a private network and a public wireless LAN system and 
comprises a virtual private network relay apparatus which
establishes an IPsec tunnel with a network relay apparatus
installed on the private network via the public network, 
further establishes the IPsec tunnel with the mobile 
wireless terminal apparatus and relays connection of the 
mobile wireless terminal apparatus from the public
wireless LAN system to the private network, a home agent
that controls moving of the mobile wireless terminal 
apparatus, a connection authentication server that is 
installed on the public wireless LAN system and 
authenticates connection of the mobile wireless terminal
apparatus to the public wireless LAN system, and a wireless
LAN access point that relays connection authentication 
procedures of a public wireless LAN performed between 
the mobile wireless terminal apparatus and the connection 
authentication server, comprising:

an authentication processing section that performs
authentication processing of connection to the public
wireless LAN system to the connection authentication
server;

an MIP shared key acquiring section that acquires 
a pre-shared secret key for use in mobile IP registration 
made with the home agent from the connection 
authentication server when the connection to the public
wireless LAN system is permitted; and 

an MIP registering section that makes the mobile 
IP registration to the home agent using the pre-shared 
secret key. 


5. A mobile wireless terminal apparatus in a mobile
wireless communication system which has a public network, 
a private network and a public wireless LAN system and 
comprises a virtual private network relay apparatus which
establishes an IPsec tunnel with a network relay apparatus
installed on the private network via the public network, 
further establishes the IPsec tunnel with the mobile 
wireless terminal apparatus and relays connection of the 
mobile wireless terminal apparatus from the public
wireless LAN system to the private network,
a home agent that controls moving of the mobile wireless 
terminal apparatus, a connection authentication server 
that is installed on the public wireless LAN system and 
authenticates connection of the mobile wireless terminal
apparatus to the public wireless LAN system, and a wireless
LAN access point that relays connection authentication 
procedures of a public wireless LAN performed between
the mobile wireless terminal apparatus and the connection
authentication server, comprising: 

an authentication processing section that performs 
authentication processing of connection to the public 
wireless LAN system to the connection authentication
server;

an address acquiring section that acquires an IP 
address of the virtual private network relay apparatus 
from the connection authentication server when the 
connection to the public wireless LAN system is permitted;

an address notifying section that notifies an IP 
address of the mobile wireless terminal apparatus to the 
connection authentication server; 

an IPsec shared key acquiring section that acquires 
an IPsec pre-shared secret key for use in the IPsec key
exchange performed with the virtual private network relay 
apparatus from the connection authentication server; 

an MIP shared key acquiring section that acquires 
an MIP pre-shared secret key for use in mobile IP 
registration made with the home agent from the connection
authentication server; 

an IPsec key exchanging section that performs 
exchange of the IPsec key with the virtual private network 
relay apparatus using the IPsec pre-shared secret key;
and

an MIP registering section that makes the mobile 
IP registration to the home agent using the MIP pre-shared
secret key.

6. A virtual private network relay apparatus in a
mobile wireless communication system which has a public 
network, a private network and a public wireless LAN system
and comprises the virtual private network relay apparatus 
which establishes an IPsec tunnel with a network relay 
apparatus installed on the private network via the public 
network, further establishes the IPsec tunnel with a
mobile wireless terminal apparatus, and relays connection
of the mobile wireless terminal apparatus from the public 
wireless LAN system to the private network, a connection 
authentication server that is installed on the public 
wireless LAN system and authenticates connection of the
mobile wireless terminal apparatus to the public wireless
LAN system, and a wireless LAN access point that relays 
connection authentication procedures of a public wireless 
LAN performed between the mobile wireless terminal
apparatus and the connection authentication server,
comprising:

an address acquiring section that receives an IP 
address of the mobile wireless terminal apparatus from 
the connection authentication server; and 

an IPsec key exchanging section that performs an
IPsec key exchange with the mobile wireless terminal
apparatus using the IP address of the mobile wireless
terminal apparatus.

7. A virtual private network relay apparatus in a mobile
wireless communication system which has a public network, 
a private network and a public wireless LAN system and 
comprises the virtual private network relay apparatus
which establishes an IPsec tunnel with a network relay 
apparatus installed on the private network via the public 
network, further establishes the IPsec tunnel with a 
mobile wireless terminal apparatus and relays connection
of the mobile wireless terminal apparatus from the public
wireless LAN system to the private network, 
a connection authentication server that is installed on 
the public wireless LAN system and authenticates 
connection of the mobile wireless terminal apparatus to
the public wireless LAN system, and a wireless LAN access
point that relays connection authentication procedures 
of a public wireless LAN performed between the mobile 
wireless terminal apparatus and the connection 
authentication server, comprising: 

an IPsec shared key acquiring section that acquires
a pre-shared secret key for use in an IPsec key exchange 
performed with the mobile wireless terminal apparatus 
from the connection authentication server; and 

an IPsec key exchanging section that performs the
IPsec key exchange with the mobile wireless terminal
apparatus using the pre-shared secret key.

8. A virtual private network relay apparatus in a
mobile wireless communication system which has a public 
network, a private network and a public wireless LAN system 
and comprises the virtual private network relay apparatus 
which establishes an IPsec tunnel with a network relay
apparatus installed on the private network via the public 
network, further establishes the IPsec tunnel with a 
mobile wireless terminal apparatus and
relays connection of the mobile wireless terminal
apparatus from the public wireless LAN system to the
private network, a connection authentication server 
that is installed on the public wireless LAN system and 
authenticates connection of the mobile wireless terminal 
apparatus to the public wireless LAN system, and a wireless
LAN access point that relays connection authentication
procedures of a public wireless LAN performed between 
the mobile wireless terminal apparatus and the connection 
authentication server, comprising: 

an address acquiring section that receives an IP
address of the mobile wireless terminal apparatus from
the connection authentication server; 

an IPsec shared key acquiring section that receives 
a pre-shared secret key for use in the IPsec key exchange 
performed with the mobile wireless terminal apparatus
from the connection authentication server; and

an IPsec key exchanging section that performs the 
IPsec key exchange with the mobile wireless terminal
apparatus using the IP address of the mobile wireless
terminal apparatus and the pre-shared secret key. 

9. A connection authentication server in a mobile 
wireless communication system which has a public network,
a private network and a public wireless LAN system and 
comprises a virtual private network relay apparatus which 
establishes an IPsec tunnel with a network relay apparatus 
installed on the private network via the public network,
further establishes the IPsec tunnel with a mobile
wireless terminal apparatus and relays connection of the 
mobile wireless terminal apparatus from the public 
wireless LAN system to the private network, connection 
authentication server that is installed on the public
wireless LAN system and authenticates connection of the
mobile wireless terminal apparatus to the public wireless 
LAN system, and a wireless LAN access point that relays 
connection authentication procedures of a public wireless 
LAN performed between the mobile wireless terminal
apparatus and the connection authentication server,
comprising:

an authentication processing section that 
authenticates connection of the mobile wireless terminal 
apparatus to the public wireless LAN system;

an address acquiring section that receives an IP
address of the mobile wireless terminal apparatus from 
the mobile wireless terminal apparatus when permitting
the connection of the mobile wireless terminal apparatus
to the public wireless LAN system; and 

an address notifying section that notifies an IP 
address of the virtual private network relay apparatus 
to the mobile wireless terminal apparatus and notifies
the IP address of the mobile wireless terminal apparatus 
to the virtual private network relay apparatus. 

10. A connection authentication server in a mobile
wireless communication system which has a public network,
a private network and a public wireless LAN system and 
comprises a virtual private network relay apparatus which 
establishes an IPsec tunnel with a network relay apparatus 
installed on the private network via the public network,
further establishes the IPsec tunnel with a mobile
wireless terminal apparatus and relays connection of the 
mobile wireless terminal apparatus from the public 
wireless LAN system to the private network, the connection 
authentication server that is installed on the public
wireless LAN system and authenticates connection of the
mobile wireless terminal apparatus to the public wireless 
LAN system, and a wireless LAN access point that relays 
connection authentication procedures of a public wireless 
LAN performed between the mobile wireless terminal
apparatus and the connection authentication server,
comprising:

an authentication processing section that
authenticates connection of the mobile wireless terminal
apparatus to the public wireless LAN system; and 

an IPsec shared key distributing section that 
distributes a pre-shared secret key, for use in an IPsec 
key exchange performed between the mobile wireless
terminal apparatus and the virtual private network relay 
apparatus, to the mobile wireless terminal apparatus and 
the virtual private network relay apparatus when 
permitting the connection of the mobile wireless terminal 
apparatus to the public wireless LAN system.

11. A connection authentication server in a mobile 
wireless communication system which has a public network, 
a private network and a public wireless LAN system and
comprises a virtual private network relay apparatus which
establishes an IPsec tunnel with a network relay apparatus
installed on the private network via the public network,
further establishes the IPsec tunnel with a mobile 
wireless terminal apparatus and relays connection of the
mobile wireless terminal apparatus from the public
wireless LAN system to the private network, a home agent 
that controls moving of the mobile wireless terminal 
apparatus, the connection authentication server that is 
installed on the public wireless LAN system and
authenticates connection of the mobile wireless terminal
apparatus to the public wireless LAN system, and a wireless 
LAN access point that relays connection authentication
procedures of a public wireless LAN performed between
the mobile wireless terminal apparatus and the connection 
authentication server, comprising: 

an authentication processing section that 
authenticates connection of the mobile wireless terminal
apparatus to the public wireless LAN system; and 

an MIP shared key distributing section that 
distributes a pre-shared secret key, for use in mobile 
IP registration performed between the mobile wireless 
terminal apparatus and the home agent, to the mobile
wireless terminal apparatus and the home agent when 
permitting the connection of the mobile wireless terminal 
apparatus to the public wireless LAN system. 

12. A connection authentication server in a mobile
wireless communication system which has a public network, 
a private network and a public wireless LAN system and 
comprises a virtual private network relay apparatus which 
establishes an IPsec tunnel with a network relay apparatus
installed on the private network via the public network,
further establishes the IPsec tunnel with a mobile 
wireless terminal apparatus and relays connection of the 
mobile wireless terminal apparatus from the public 
wireless LAN system to the private network, a home agent
that controls moving of the mobile wireless terminal
apparatus, the connection authentication server that is 
installed on the public wireless LAN system and
authenticates connection of the mobile wireless terminal
apparatus to the public wireless LAN system, and a wireless 
LAN access point that relays connection authentication 
procedures of a public wireless LAN performed between 
the mobile wireless terminal apparatus and the connection
authentication server, comprising:

an authentication processing section that 
authenticates connection of the mobile wireless terminal 
apparatus to the public wireless LAN system; 

an address acquiring section that receives an IP
address of the mobile wireless terminal apparatus from 
the mobile wireless terminal apparatus when permitting 
the connection of the mobile wireless terminal apparatus 
to the public wireless LAN system; 

an address notifying section that notifies an IP
address of the virtual private network relay apparatus 
to the mobile wireless terminal apparatus and notifies 
the IP address of the mobile wireless terminal apparatus 
to the virtual private network relay apparatus; 

an IPsec shared key distributing section that
distributes an IPsec pre-shared secret key, for use in 
an IPsec key exchange performed between the mobile 
wireless terminal apparatus and the virtual private
network relay apparatus, to the mobile wireless terminal
apparatus and the virtual private network relay
apparatus; and 

an MIP shared key distributing section that
distributes an MIP pre-shared secret key, for use in mobile
IP registration performed between the mobile wireless 
terminal apparatus and the home agent, to the mobile 
wireless terminal apparatus and the home agent.


13. A wireless LAN access point in a mobile wireless 
communication system which has a public network, a private 
network and a public wireless LAN system and comprises 
a virtual private network relay apparatus which
establishes an IPsec tunnel with a network relay apparatus
installed on the private network via the public network, 
further establishes the IPsec tunnel with a mobile 
wireless terminal apparatus and relays connection of the 
mobile wireless terminal apparatus from the public
wireless LAN system to the private network, a home agent
that controls moving of the mobile wireless terminal 
apparatus, a connection authentication server that is 
installed on the public wireless LAN system and 
authenticates connection of the mobile wireless terminal
apparatus to the public wireless LAN system, and the
wireless LAN access point that relays connection 
authentication procedures of a public wireless LAN 
performed between the mobile wireless terminal apparatus 
and the connection authentication server, comprising: 

an authentication relay section that transmits to
the mobile wireless terminal apparatus an IP address, 
an IPsec pre-shared key and a Mobile IP pre-shared key 



2F04200-PCT 

transmitted from the connection authentication server 
and transmits an IP address transmitted from the mobile 
wireless terminal apparatus to the connection 
authentication server, using a secure communication path 
established in the connection authentication procedures
of the public wireless LAN performed between the mobile 
wireless terminal apparatus and the connection 
authentication server. 

14. A home agent in a mobile wireless communication
system which has a public network, a private network and 
a public wireless LAN system and comprises a virtual 
private network relay apparatus which establishes an 
IPsec tunnel with a network relay apparatus installed
on the private network via the public network, further
establishes the IPsec tunnel with a mobile wireless 
terminal apparatus and relays connection of the mobile 
wireless terminal apparatus from the public wireless LAN 
system to the private network, the home agent that controls
moving of the mobile wireless terminal apparatus, a
connection authentication server that is installed on 
the public wireless LAN system and authenticates 
connection of the mobile wireless terminal apparatus to 
the public wireless LAN system, and a wireless LAN access
point that relays connection authentication procedures
of a public wireless LAN performed between the mobile 
wireless terminal apparatus and the connection
authentication server, comprising:

an MIP shared key acquiring section that receives 
a pre-shared secret key for use in mobile IP registration 
of the mobile wireless terminal apparatus from the 
connection authentication server; and 

an MIP processing section that processes the mobile 
IP registration from the mobile wireless terminal 
apparatus using the pre-shared secret key.